Communications Networks, Content and Technology
European Commission Directorate General

Digital Privacy Centre of Excellence

Digital Privacy Centre of Excellence

Trust & Security (Unit H.4)
Goal

To ensure that the legal framework and policies on data protection and privacy protect EU consumers uniformly across the EU, promote effective solutions which foster citizens' trust and confidence on-line and in the ICT sector in general. 

Action

1. Facilitate the correct transposition of the ePrivacy Directive;2. Support the uptake of pragmatic and effective solutions to comply with the ePrivacy Directive which guarantee individuals' privacy and data protection, in particular regarding on-line tracking;3. Assess the need to review the ePrivacy Directive in order to cope with technological developments, the evolving notion of privacy and changes to the data protection framework;4. Put in place a full-fledged framework on personal data breach notification for providers of electronic communication services (complementing general provisions on DP managed by DG JUST) and ensure its effective implementation;5. Address privacy and data protection aspects in the development of ICT policies (IoT, RFID, big data, cloud…).6. Implement research and innovation activities through H2020 to investigate innovative solutions to protect individuals' privacy.

Situation

1. The ePrivacy Directive has been transposed in all MS. The Commission must monitor its implementation in MS to ensure compatibility with the EU acquis and uniformity.2. Online privacy is central to ensuring that citizens have confidence in online services. The current degree of compliance with the framework, in particular as far as on-line tracking, can be improved, which in turn should increase users' trust in the digital environment. To this end, the EU needs to work with stakeholders to find pragmatic solutions to enhance transparency and empower individuals while complying with the ePrivacy Directive.3. Assessment of the need for review of the ePrivacy Directive. Directive 95/46/EC is under review. The ePrivacy Directive, as lex specialis, must be consistent with the former. Amendments to the ePrivacy Directive may be necessary to ensure a proper interplay between the two instruments Revisions to the ePrivacy Directive may be needed depending on the degree of effectiveness of the current ePrivacy Directive provisions.4. The current personal data breach framework has just been completed through the adoption of technical implementing measures. The EU needs to work with national authorities to ensure its effective application.5. The development of ICT (such as Internet of Things (IoT), big data, cloud...) introduce additional risks for privacy. There is a need to address such privacy concerns in innovative and effective ways, without undermining the development of such technologies.6. A number of FP7 projects have started touching upon privacy aspects. This has shown a big need for further research and innovation activities under H2020 to demonstrate the viability and maturity of state-of-the-art privacy and trust solutions and validate these with end-users.

Mandate
The ePrivacy Directive (2002/58) concerns the protection of privacy and personal data in the electronic communications sector. Unit H4 is responsible for policy developments and transposition of this Directive. The ePrivacy Directive complements the Data Protection Directive 95/46/EC. The latter sets forth general principles to ensure the rights and freedoms of natural persons with regard to the processing of personal data, in order to ensure the free flow of information. The ePrivacy Directive specifies how the general principles apply to the electronic communications sector.

Input

Full-Time Equivalent: 
5
People: 
5.00 full-time equivalent (FTE)
Collaboration with other DGs or agencies:
Budget: 
N/A
Other: 

Three studies have been or will be commissioned (ePrivacy Directive: assessment of transposition, effectiveness and compatibility with proposed Data Protection Regulation (SMART 2013/0071); Implementation of the Recommendations on Privacy and Data Protection issues in Applications supported by RFID – Monitoring study (SMART 2007/0035) and Impact Assessment of Policy Options towards a possible governance of the Internet of Things (SMART 2012/0053).

Outputs

Implementation of the ePrivacy Directive

  • Assessment of the quality and consistency of national implementation of ePrivacy Directive;
  • Monitoring of technological and market solutions to comply with the provision on cookies. Work with stakeholders to support pragmatic solutions to inform users and obtain their consent to be tracked while surfing the Internet. In particular, engage in on-going follow-up Do Not Track (DNT) standardization work and support the online behavioural advertising (OBA) self-regulatory process;
  • Assessment of the need to review the current ePrivacy Directive in the light of the revisions to Directive 95/46/EC and effectiveness of its current provisions;
  • Assistance to Member States in the application of the recently adopted technical implementing measures on personal data breach notifications;

Indicators

4257

• Number of Member States assessed for their effective national implementation of the ePrivacy Directive

Target 8-9
Baseline 0
Current 0

• Number of Member States with effective application of the technical implementing measures on personal data breach notifications

Target 28
Baseline 0
Current 0

• Percentage of users recognising the role of the EC on digital privacy policy implementation

Target TBD
Results/Impacts

Respect of privacy online

  • Uniformity of the legal framework, which results in simplification and reduction of costs;
  • Increased trust and confidence in online services;
  • Businesses unlock the value of personal data;
  • New business models that take privacy issues fully into account;
  • More transparency and control for EU citizens when websites place information, e.g. cookies, on their devices;
  • Electronic communications subscribers being informed as soon as possible after a security breach involving their personal data has occurred.

Timeframe: Ongoing

Indicators

385

Number of Member States with an effective national implementation of the ePrivacy Directive (lead indicator)

Target 8-9
Baseline 0
Current 0

Percentage of users setting their browser to disable or turn off cookies

Target TBD
Baseline 40% in the US, unknown in the EU

Link to DG CONNECT's Top Level Targets

  • eCommerce Action Plan - Double the share of eCommerce in retail sales and of the internet sector in European GDP by 2015
  • DAE - 50 % of the population to buy online by 2015
  • DAE - 20 % of the population to buy online cross-border by 2015
  • DAE - 33 % of SMEs to make online sales by 2015